Update rules/cross-platform/execution_aws_ec2_lolbin_via_ssm.toml

Co-authored-by: Ruben Groenewoud <[email protected]>

Author: terrancedejesus

rules/cross-platform/execution_aws_ec2_lolbin_via_ssm.toml

@@ -8,7 +8,7 @@ updated_date = "2025/11/23"
 author = ["Elastic"]
 description = """
 Identifies the execution of Living Off the Land Binaries (LOLBins) or GTFOBins on EC2 instances via AWS Systems Manager
-(SSM) `SendCommand` API. This detection correlates AWS CloudTrail `SendCommand` events with endpoint process execution
+(SSM) "SendCommand" API. This detection correlates AWS CloudTrail "SendCommand" events with endpoint process execution
 by matching SSM command IDs. While AWS redacts command parameters in CloudTrail logs, this correlation technique reveals
 the actual commands executed on EC2 instances. Adversaries may abuse SSM to execute malicious commands remotely without
 requiring SSH or RDP access, using legitimate system utilities for data exfiltration, establishing reverse shells, or